RephiWeb.Auth.AuthorizationPlug (Rephi v0.1.0)
Phoenix plugs for authorization checks in controllers.
This module provides various plugs to protect controller actions based on user permissions and roles. The plugs integrate with the authorization system to check user permissions before allowing access to protected actions.
Usage
Add authorization plugs to your controller:
defmodule MyAppWeb.UserController do
  use MyAppWeb, :controller

  # Needed so the short name AuthorizationPlug resolves below
  alias RephiWeb.Auth.AuthorizationPlug

  # Protect specific actions
  plug AuthorizationPlug, {:permission, "users:edit"} when action in [:edit, :update]
  plug AuthorizationPlug, {:role, "admin"} when action in [:delete]

  # Multiple permission checks (no `when` guard, so these run for every action)
  plug AuthorizationPlug, {:any_permission, ["users:create", "users:edit"]}
  plug AuthorizationPlug, {:all_permissions, ["users:edit", "system:manage"]}

  # Your controller actions...
end
Response Codes
401 Unauthorized - User is not authenticated
403 Forbidden - User is authenticated but lacks required permissions
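The 401/403 split and the any/all semantics described above, as an added sketch that is not Rephi's implementation. The module name SketchAuthorizationPlug, the use of conn.assigns[:current_user], and the user shape (a map with permissions and roles lists) are assumptions made for illustration.

```elixir
Mix.install([{:plug, "~> 1.15"}])

defmodule SketchAuthorizationPlug do
  # Hypothetical module for illustration; not Rephi's own code.
  import Plug.Conn

  def init({kind, slug} = opts) when kind in [:permission, :role] and is_binary(slug), do: opts
  # Reject [] when the plug is set up: Enum.all?([], _) is true and would allow everyone.
  def init({kind, [_ | _]} = opts) when kind in [:any_permission, :all_permissions], do: opts

  def call(conn, opts) do
    case conn.assigns[:current_user] do
      # No authenticated user at all: 401
      nil -> deny(conn, 401, "Unauthorized")
      # Authenticated, but the check fails: 403
      user -> if allowed?(user, opts), do: conn, else: deny(conn, 403, "Forbidden")
    end
  end

  # Assumed user shape: %{permissions: [String.t()], roles: [String.t()]}
  defp allowed?(user, {:permission, slug}), do: slug in user.permissions
  defp allowed?(user, {:role, slug}), do: slug in user.roles
  defp allowed?(user, {:any_permission, slugs}), do: Enum.any?(slugs, &(&1 in user.permissions))
  defp allowed?(user, {:all_permissions, slugs}), do: Enum.all?(slugs, &(&1 in user.permissions))

  # halt/1 is what stops later plugs and the controller action from running;
  # sending the response alone does not.
  defp deny(conn, status, body), do: conn |> send_resp(status, body) |> halt()
end

# Constructed sample users, not real data
editor = %{permissions: ["users:edit"], roles: ["editor"]}
admin = %{permissions: ["users:edit", "system:manage"], roles: ["admin"]}
opts = SketchAuthorizationPlug.init({:all_permissions, ["users:edit", "system:manage"]})

for {label, user} <- [anonymous: nil, editor: editor, admin: admin] do
  conn = Plug.Test.conn(:get, "/users/1/edit") |> Plug.Conn.assign(:current_user, user)
  conn = SketchAuthorizationPlug.call(conn, opts)
  # A denied request has a status set and halted: true; an allowed one passes through untouched.
  IO.inspect({label, conn.status, conn.halted})
end
```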
Functions
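Plug to use in controllers for authorization. Call with :init_options set to {:permission, "permission:slug"} or {:role, "role_slug"}; the {:any_permission, [...]} and {:all_permissions, [...]} forms shown in the examples are accepted as well.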
Examples
# In a controller
plug RephiWeb.Auth.AuthorizationPlug, {:permission, "users:edit"}
plug RephiWeb.Auth.AuthorizationPlug, {:role, "admin"}
plug RephiWeb.Auth.AuthorizationPlug, {:any_permission, ["users:edit", "users:create"]}
plug RephiWeb.Auth.AuthorizationPlug, {:all_permissions, ["users:edit", "system:manage"]}
Ensures the current user has all of the specified permissions.
Examples
# In a controller
plug RephiWeb.Auth.AuthorizationPlug, {:all_permissions, ["users:edit", "system:manage"]}
Ensures the current user has any of the specified permissions.
Examples
# In a controller
plug RephiWeb.Auth.AuthorizationPlug, {:any_permission, ["users:edit", "users:create"]}
Ensures the current user has the specified permission.
Returns 401 if user is not authenticated, 403 if user lacks the permission.
Parameters
conn - The Plug.Conn struct
permission_slug - The permission slug to check (e.g., "users:edit")
Examples
# Direct function call (not recommended)
conn = require_permission(conn, "users:edit")
# Use as plug (recommended)
plug AuthorizationPlug, {:permission, "users:edit"}
Ensures the current user has the specified role.
Examples
# In a controller
plug RephiWeb.Auth.AuthorizationPlug, {:role, "admin"}